1
00:00:00,210 --> 00:00:07,590
In this video, let's try to understand how to achieve method level security by using the approach invocation

2
00:00:07,590 --> 00:00:15,390
authorization. So in invocation authorization, we can configure authorization rules which will decide whether a

3
00:00:15,390 --> 00:00:17,510
method can be invoked or not.

4
00:00:17,520 --> 00:00:20,940
And this authorization check can happen in two ways.

5
00:00:20,940 --> 00:00:29,160
One is before the method is invoked, using the @PreAuthorize annotation, and the other one is once the

6
00:00:29,160 --> 00:00:33,460
method is executed, by leveraging the @PostAuthorize annotation.

7
00:00:33,600 --> 00:00:39,480
Think of a scenario where inside your application you have a class at the service layer which is called

8
00:00:39,480 --> 00:00:42,970
LoanService, and there is a method called getLoanDetails.

9
00:00:43,170 --> 00:00:49,210
So this method will return all the loans of a specific user.

10
00:00:49,410 --> 00:00:57,330
So for such methods, if you have a requirement where you want to configure authorization rules like

11
00:00:57,330 --> 00:01:06,560
only an admin can invoke this method, or only the person who logged in can get his own loan details,

12
00:01:06,570 --> 00:01:08,100
but not other users' details,

13
00:01:08,220 --> 00:01:14,820
in such scenarios we can use the @PreAuthorize annotation on top of the method, as you can see.

14
00:01:15,060 --> 00:01:19,770
So these are all the ways in which we can leverage the @PreAuthorize annotation.

15
00:01:19,980 --> 00:01:27,660
The very first annotation line will check whether the logged-in user has a role of admin, using

16
00:01:27,660 --> 00:01:28,340
hasAuthority.

17
00:01:28,560 --> 00:01:34,770
But if you are using roles, we can also use hasRole, and if you have multiple roles

18
00:01:34,770 --> 00:01:42,270
and a person who has any role, like admin or user, then you can leverage the hasAnyRole method.

19
00:01:42,390 --> 00:01:49,000
And at the same time, we can also write Spring Expression Language expressions inside the @PreAuthorize

20
00:01:49,010 --> 00:01:49,740
annotation.

21
00:01:49,890 --> 00:01:56,710
So this is the reason why @PreAuthorize and @PostAuthorize are more powerful compared to other annotations

22
00:01:56,710 --> 00:02:00,960
like @Secured and @RolesAllowed.

23
00:02:01,200 --> 00:02:04,410
And at the same time we can also use the hasPermission

24
00:02:04,710 --> 00:02:11,310
method also, which is provided by the Spring Security framework, to decide whether a person or logged-in

25
00:02:11,310 --> 00:02:17,850
user or the invoking party is authorized to invoke that method or not.

26
00:02:17,970 --> 00:02:25,100
So this is how we configure @PreAuthorize rules in the invocation authorization approach.

27
00:02:25,320 --> 00:02:29,780
Similarly, you may have a requirement where, once a method has been executed,

28
00:02:29,790 --> 00:02:37,260
I don't want to stop the execution, but once the method has been executed, after my business logic did

29
00:02:37,260 --> 00:02:43,370
some database interactions and is trying to load certain data from the database inside that method,

30
00:02:43,560 --> 00:02:50,580
in such scenarios, if I have a requirement where only certain users with certain authorities and

31
00:02:50,580 --> 00:02:57,140
roles should be able to receive those return values, then I'll go with @PostAuthorize.

32
00:02:57,450 --> 00:03:04,560
But please remember, if you use @PostAuthorize and the user is not authorized to invoke that method,

33
00:03:04,950 --> 00:03:11,850
Spring Security will still execute the business logic present inside that method, like it will commit

34
00:03:11,850 --> 00:03:13,650
the transactions to the database.

35
00:03:13,920 --> 00:03:20,600
But while returning the values to the user, if the authorization rules are not satisfied, then it will

36
00:03:20,610 --> 00:03:23,900
throw a 403 error, which is an exception.

37
00:03:24,120 --> 00:03:29,820
But please don't expect your database transactions to be rolled back, because even if you keep adding the

38
00:03:29,820 --> 00:03:35,790
@Transactional annotation on top of a method, the committed transactions to the database will not be rolled

39
00:03:35,790 --> 00:03:36,010
back.

40
00:03:36,270 --> 00:03:36,720
That's why,

41
00:03:36,720 --> 00:03:43,530
please be careful, and you can expect the most common scenario that we use is @PreAuthorize, but not

42
00:03:43,530 --> 00:03:44,430
@PostAuthorize.

43
00:03:44,580 --> 00:03:50,550
But Spring Security provides both features so that you can use them based upon your requirement.

44
00:03:50,580 --> 00:03:56,490
So, just like how we have hasAuthority, hasAnyAuthority, hasRole and hasAnyRole,

45
00:03:56,670 --> 00:04:03,270
if you have complex permissions, like you want to apply complex authorization rules

46
00:04:03,270 --> 00:04:09,030
based upon the data that comes from the method and based upon certain business requirements

47
00:04:09,030 --> 00:04:13,380
that you have, which you can't put inside these annotation brackets,

48
00:04:13,590 --> 00:04:22,140
in such scenarios you can write your own permission evaluator class by implementing the PermissionEvaluator

49
00:04:22,350 --> 00:04:25,680
interface and overriding the method hasPermission.

50
00:04:25,800 --> 00:04:31,680
So in such scenarios, whenever you use hasPermission, the logic that you have written inside your

51
00:04:31,680 --> 00:04:39,180
PermissionEvaluator implementation class will be executed to decide whether the given person or given

52
00:04:39,510 --> 00:04:47,580
client is authorized to invoke that method or is authorized to get the results from the method,

53
00:04:47,820 --> 00:04:53,130
whenever you use the @PreAuthorize or @PostAuthorize annotations. I hope it is making sense.

54
00:04:53,280 --> 00:04:57,020
Let's try to go and do some hands-on in the next lecture.

55
00:04:57,210 --> 00:04:57,690
Thank you.

56
00:04:57,690 --> 00:04:58,140
Bye.
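The LoanService the lecture talks about, written out as an added example (this is not code from the course or from Spring Security; it is illustrative code assuming Spring Security 6 and Java 17). It shows every construct the lecture names on one class: hasRole, hasAnyRole, hasAuthority and a method-argument SpEL check under @PreAuthorize, a @PostAuthorize check on the return value, and a custom PermissionEvaluator wired behind hasPermission. The Loan record, the LoanRepository interface and the VIEWLOANS authority are assumptions made for the example; only the Spring types are real.

```java
// Added example (not from the course): Spring Security 6 method-level security on a
// hypothetical LoanService. Loan, LoanRepository and the authority names are assumptions.
import java.io.Serializable;
import java.util.List;
import java.util.Optional;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

record Loan(long id, String owner, long amountCents) {}

// Assumed persistence abstraction; in a real application this would be a Spring Data repository.
interface LoanRepository {
    Optional<Loan> findById(long id);
    List<Loan> findByOwner(String owner);
}

@Service
class LoanService {
    private final LoanRepository loans;
    LoanService(LoanRepository loans) { this.loans = loans; }

    // Checked BEFORE the method runs: on failure the body is never entered.
    @PreAuthorize("hasRole('ADMIN')")            // matches the authority ROLE_ADMIN
    public List<Loan> getAllLoansOf(String username) { return loans.findByOwner(username); }

    // Method argument bound into SpEL: a user may only list their own loans.
    @PreAuthorize("hasAnyRole('ADMIN', 'USER') and #username == authentication.name")
    public List<Loan> getLoanDetails(String username) { return loans.findByOwner(username); }

    // Fine-grained authority instead of a role (no ROLE_ prefix is applied here).
    @PreAuthorize("hasAuthority('VIEWLOANS')")
    public int countLoans(String username) { return loans.findByOwner(username).size(); }

    // Delegates to the PermissionEvaluator below via the (targetId, targetType, permission) overload.
    @PreAuthorize("hasPermission(#loanId, 'Loan', 'READ')")
    public Loan getLoan(long loanId) { return loans.findById(loanId).orElseThrow(); }

    // Checked AFTER the method returns. The body runs in full, and with the default advisor
    // order the @Transactional commit has already happened when this check runs: a failed
    // check throws AccessDeniedException (HTTP 403) but rolls nothing back.
    @Transactional
    @PostAuthorize("returnObject.owner == authentication.name or hasRole('ADMIN')")
    public Loan loadLoan(long loanId) { return loans.findById(loanId).orElseThrow(); }
}

// Custom logic behind hasPermission(...): the loan's owner, or an admin, may READ it.
@Component
class LoanPermissionEvaluator implements PermissionEvaluator {
    private final LoanRepository loans;
    LoanPermissionEvaluator(LoanRepository loans) { this.loans = loans; }

    @Override  // used by hasPermission(returnObject, 'READ') style expressions
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        return target instanceof Loan loan && allowed(auth, loan, permission);
    }

    @Override  // used by hasPermission(#loanId, 'Loan', 'READ') style expressions
    public boolean hasPermission(Authentication auth, Serializable targetId, String targetType, Object permission) {
        if (!"Loan".equals(targetType) || !(targetId instanceof Long id)) return false;
        return loans.findById(id).map(loan -> allowed(auth, loan, permission)).orElse(false);
    }

    private static boolean allowed(Authentication auth, Loan loan, Object permission) {
        boolean admin = auth.getAuthorities().stream()
                .anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority()));
        return "READ".equals(permission) && (admin || loan.owner().equals(auth.getName()));
    }
}

@Configuration
@EnableMethodSecurity   // enables @PreAuthorize/@PostAuthorize (prePostEnabled is true by default)
class MethodSecurityConfig {
    // Register the evaluator so that hasPermission(...) in SpEL resolves to it.
    @Bean
    static MethodSecurityExpressionHandler methodSecurityExpressionHandler(LoanPermissionEvaluator evaluator) {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(evaluator);
        return handler;
    }
}
```

Two points worth checking in your own project. First, hasRole('ADMIN') only matches an authority literally named ROLE_ADMIN, whereas hasAuthority('VIEWLOANS') matches the string as given; mixing the two up silently denies everyone. Second, the lecture's warning about @PostAuthorize follows from advisor ordering: Spring Security's after-method interceptor sits outside the transaction interceptor by default, so the commit completes before the post-check runs. Making a denied @PostAuthorize roll back would require the transaction advice to wrap the security advice (a smaller order value on @EnableTransactionManagement than the after-method interceptor's), which is a deliberate configuration change rather than the default.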